From 270a157627bba3ba17213eb90fc2f519a847c950 Mon Sep 17 00:00:00 2001
From: Iki <farazrizki13@gmail.com>
Date: Tue, 16 Jun 2026 14:50:00 +0900
Subject: [PATCH] upd

---
 adapter/poadapter.js | 159 +++++++++++++++++++++++++------------------
 1 file changed, 93 insertions(+), 66 deletions(-)

diff --git a/adapter/poadapter.js b/adapter/poadapter.js
index ea50d82..58fc936 100644
--- a/adapter/poadapter.js
+++ b/adapter/poadapter.js
@@ -1419,81 +1419,108 @@ class PoAdapter extends Adapter {
 			var apires = this.getApiResultDefined();
 			var idxpo = req.body.idxpo;
 			var idxpoboq = req.body.idxpoboq;
-			var nik = req.body.nik;
-			var status = req.body.status;
-			var statusdescription = req.body.statusdescription;
+			var nik = req.nik || req.body.nik || "";
 			const poNumber = String(posapnumber || "").trim();
-			let setvalues = "";
+			const finalStatus = 0;
+			const finalStatusDescription = "Submitted";
+			const safeSapMessage = String(sapmessage || "").replace(/'/g, "''");
+			const safePoNumber = poNumber.replace(/'/g, "''");
 
-			if (poNumber && poNumber !== "000") {
-				setvalues =
-					"p.ponumber='" +
-					poNumber +
-					"',p.status='" +
-					status +
-					"',p.statusdescription='" +
-					statusdescription +
-					"',po.ponumber='" +
-					poNumber +
-					"',po.status='" +
-					status +
-					"',po.statusdescription='" +
-					statusdescription +
-					"',";
+			if (!idxpo || !poNumber || poNumber === "000") {
+				apires.meta.code = 500;
+				apires.meta.message = "Invalid PO header or SAP PO number";
+				callback("err", apires);
+				return;
 			}
-			var qry =
-				"update tbl_po p, tbl_poboq po set " +
-				setvalues +
-				"p.sapmessages='" +
-				sapmessage +
-				"',p.uby='" +
+
+			const boqIds = String(idxpoboq || "")
+				.split(",")
+				.map((id) => id.trim())
+				.filter((id) => id && id !== "0");
+
+			const qryPo =
+				"update tbl_po set ponumber='" +
+				safePoNumber +
+				"',status='" +
+				finalStatus +
+				"',statusdescription='" +
+				finalStatusDescription +
+				"',sapmessages='" +
+				safeSapMessage +
+				"',uby='" +
 				nik +
-				"',p.udt=now() ";
-			qry =
-				qry +
-				"where (p._idx=po.idxheader and p._idx='" +
+				"',udt=now() where _idx='" +
 				idxpo +
-				"' and po._idx in (" +
-				idxpoboq +
-				")) and p.isdeleted=0 and po.isdeleted=0";
+				"' and isdeleted=0";
 
-			// var qry = "update tbl_po set "+setvalues+"sapmessages='"+sapmessage+"',uby='"+nik+"',udt=now() ";
-			//     qry = qry +"where (_idx=idxheader and _idx='"+idxpo+"' and p_idx in ("+idxpoboq+")) and p.isdeleted=0 and po.isdeleted=0";
-
-			// console.log(qry);
-			db.query(qry, [], function (err, result, fields) {
+			db.query(qryPo, [], function (err, result) {
 				if (err) {
-					apires.meta["message"] = err.toString();
-					apires.meta["code"] = 500;
+					apires.meta.message = err.toString();
+					apires.meta.code = 500;
 					callback("err", apires);
-				} else {
-					qry = "select idxpoboq,ponumber from vw_poboq where idxpoboq in(" + idxpoboq + ")";
-					db.query(qry, [], function (err, result1, fields) {
-						if (err) {
-							apires.meta["message"] = err.toString();
-							apires.meta["code"] = 500;
-							callback("err", apires);
-						} else {
-							apires.success = true;
-							apires.data = JSON.parse(JSON.stringify(result1));
-							if (poNumber && poNumber !== "000") {
-								if (apires.data.length === 0) {
-									apires.data = String(idxpoboq)
-										.split(",")
-										.map((id) => ({
-											idxpoboq: Number(id) || id,
-											ponumber: poNumber,
-										}));
-								} else {
-									apires.data.forEach((row) => {
-										if (!row.ponumber) row.ponumber = poNumber;
-									});
-								}
-							}
-							callback(null, apires);
-						}
-					});
+					return;
 				}
+
+				if (!result || result.affectedRows === 0) {
+					apires.meta.code = 500;
+					apires.meta.message = "PO header not found for update";
+					callback("err", apires);
+					return;
+				}
+
+				let qryBoq =
+					"update tbl_poboq set ponumber='" +
+					safePoNumber +
+					"',status='" +
+					finalStatus +
+					"',statusdescription='" +
+					finalStatusDescription +
+					"',uby='" +
+					nik +
+					"',udt=now() where idxheader='" +
+					idxpo +
+					"' and isdeleted=0";
+				if (boqIds.length > 0) {
+					qryBoq += " and _idx in (" + boqIds.join(",") + ")";
+				}
+
+				db.query(qryBoq, [], function (errBoq) {
+					if (errBoq) {
+						apires.meta.message = errBoq.toString();
+						apires.meta.code = 500;
+						callback("err", apires);
+						return;
+					}
+
+					let qrySelect =
+						boqIds.length > 0
+							? "select idxpoboq,ponumber from vw_poboq where idxpoboq in(" +
+								boqIds.join(",") +
+								")"
+							: "select _idx as idxpoboq, ponumber from tbl_poboq where idxheader='" +
+								idxpo +
+								"' and isdeleted=0";
+
+					db.query(qrySelect, [], function (errSelect, result1) {
+						if (errSelect) {
+							apires.meta.message = errSelect.toString();
+							apires.meta.code = 500;
+							callback("err", apires);
+							return;
+						}
+
+						apires.success = true;
+						apires.data = JSON.parse(JSON.stringify(result1));
+						if (apires.data.length === 0) {
+							apires.data = [{ idxpoboq: boqIds[0] || idxpo, ponumber: poNumber }];
+						} else {
+							apires.data.forEach((row) => {
+								row.ponumber = poNumber;
+							});
+						}
+						callback(null, apires);
+					});
+				});
 			});
 		} catch (err) {
 			apires.meta.code = 500;